Posted by msmash on Thursday December 01, 2016 @12:25PM from the greater-good dept.

Stephen Shankland, writing for CNET: Mozilla is marshaling public support for political positions, like backing net neutrality, defending encryption and keeping government surveillance from getting out of hand, says Denelle Dixon-Thayer, Mozilla's chief legal and business officer. The organization is funding the efforts with revenue from Firefox searches, which has jumped since 2014 when it switched from a global deal with Google to a set of regional deals. Mozilla brought in $421 million in revenue last year largely through partnerships with Yahoo in the US, Yandex in Russia and Baidu in China, according to tax documents released alongside Mozilla's 2015 annual report on Thursday. Pushing policy work brings new challenges well beyond traditional Mozilla work competing against Google's Chrome browser and Microsoft's Internet Explorer. They include squaring off against the incoming administration of Donald Trump.

Posted by BeauHD on Wednesday November 30, 2016 @07:20PM from the keep-one-eye-open dept.

An anonymous reader quotes a report from Computerworld: A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor-users. A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had "found the bug" and were "working on a patch." On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox. Dan Guido, CEO of TrailofBits, noted on Twitter, that "it's a garden variety use-after-free, not a heap overflow" and it's "not an advanced exploit." He added that the vulnerability is also present on the Mac OS, "but the exploit does not include support for targeting any operating system but Windows." Security researcher Joshua Yabut told Ars Technica that the exploit code is "100% effective for remote code execution on Windows systems." "The shellcode used is almost exactly the shellcode of the 2013 one," tweeted a security researcher going by TheWack0lian. He added, "When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn't looking at a 3-year-old post." He's referring to the 2013 payload used by the FBI to deanonymize Tor-users visiting a child porn site. The attack allowed the FBI to tag Tor browser users who believed they were anonymous while visiting a "hidden" child porn site on Freedom Hosting; the exploit code forced the browser to send information such as MAC address, hostname and IP address to a third-party server with a public IP address; the feds could use that data to obtain users' identities via their ISPs.

Posted by BeauHD on Thursday November 17, 2016 @05:45PM from the what-more-do-you-need dept.

Krystalo quotes a report from VentureBeat: Mozilla today launched a new browser for iOS. In addition to Firefox, the company now also offers Firefox Focus, a browser dedicated to user privacy that by default blocks many web trackers, including analytics, social, and advertising. You can download the new app now from Apple's App Store. If you're getting a huge feeling of deja vu, that's because in December 2015, Mozilla launched Focus by Firefox, a content blocker for iOS. The company has now rebranded the app as Firefox Focus, and it serves two purposes. The content blocker, which can still be used with Safari, remains unchanged. The basic browser, which can be used in conjunction with Firefox for iOS, is new. Firefox Focus is basically just an iOS web view with tracking protection. If you shut it down, or iOS shuts it down while it's in the background, the session is lost. There's also an erase button if you want to wipe your session sooner. But those are really the only features -- there's no history, menus, or even tabs.

Posted by msmash on Tuesday November 15, 2016 @03:41PM from the firefox-club dept.

Mozilla has begun seeding the binary and source packages of the final release of Firefox 50 web browser on all supported platforms, including GNU/Linux and macOS. From a report on Softpedia: We have to admit that we expected to see some major features and improvements, but that hasn't happened. The biggest new feature of the Firefox 50.0 release appears to be emoji for everyone. That's right, the web browser now ships with built-in emoji for GNU/Linux distributions, as well as other operating systems that don't include native emoji fonts by default, such as Windows 8.0 and previous versions. Also new, Firefox 50.0 now shows lock icon strikethrough for web pages that offer insecure password fields. Another interesting change that landed in the Mozilla Firefox 50.0 web browser is the ability to cycle through tabs in recently used order using the Ctrl+Tab keyboard shortcut. Moreover, it's now possible to search for whole words only using the "Find in page" feature. Last but not the least, printing was improved as well by using the Reader Mode, which now uses the accel-(opt/alt)-r keyboard shortcut, the Guarana (gn) locale is now supported, the rendering of dotted and dashed borders with rounded corners (border-radius) has been fixed as well.

Posted by msmash on Tuesday November 08, 2016 @03:00PM from the interesting-questions dept.

Reader dryriver writes: There is no shortage of internet websites these days that peddle "information", "knowledge", "analysis", "explanations" or even supposed "facts" that don't hold up to even the most basic scrutiny -- one quick trip over to Wikipedia, Snopes, an academic journal or another reasonably factual/unbiased source, and you realize that you've just been fed a triple dose of factually inaccurate horsecrap masquerading as "fact". Unfortunately, many millions of more naive internet users appear to frequent sites daily that very blatantly peddle "untruths", "pseudo-facts" or even "agitprop-like disinformation", the latter sometimes paid for by someone somewhere. No small number of these more gullible internet users then wind up believing just about everything they read or watch on these sites, and in some cases cause other gullible people in the offline world to believe in them too. Now here is an interesting idea: What if your internet browser -- whether Edge, Firefox, Chrome, Opera or other -- was able to provide an "information accuracy rating" of some sort when you visit a certain URL. Perhaps something like "11,992 internet users give this website a factual accuracy rating of 3.7/10. This may mean that the website you are visiting is prone to presenting information that may not be factually accurate." You could also take this 2 steps further. You could have a small army of "certified fact checkers" -- people with scientific credentials, positions in academia or similar -- provide a rolling "expert rating" on the very worst of these websites, displayed as "warning scores" by the web browser. Or you could have a keyword analysis algorithm/AI/web crawler go through the webpage you are looking at, try to cross-reference the information presented to you against a selection of "more trusted sources" in the background, and warn you if information presented on a webpage as "fact" simply does not check out. Is this a good idea? Could it be made to work technically? Might a browser feature like this make the internet as a whole a "more factually accurate place" to get information from?

That's a remarkable idea. It appears to me that many companies are working on it -- albeit not fast enough, many can say. Google, for instance, recently began adding "Fact check" to some stories in search results. I am not sure how every participating player in this game could implement this in their respective web browsers though. Then there is this fundamental issue: the ability to quickly check whether or not something is indeed accurate. There's too much noise out there, and many publications and blogs report on things (upcoming products, for instance) before things are official. How do you verify such stories? If the NYTimes says, for instance, Apple is not going to launch any iPhone next year, and every website cites NYTimes and republishes it, how do you fact check that? And at last, a lot of fake stories circulate on Facebook. You may think it's a problem. Obama may think it's a problem, but does Facebook see it as a problem? For all it cares, those stories are still generating engagement on its site.

Posted by msmash on Tuesday November 08, 2016 @02:20PM from the shoo-away dept.

According to multiple reports, Web of Trust, one of the top privacy and security extensions for web browsers with over 140 million downloads, collects and sells some of the data of its users -- and it does so without properly anonymizing it. Upon learning about this, Mozilla, Google and Opera quickly pulled the extension off their respective extension stores. From a report on The Register: A browser extension which was found to be harvesting users' browsing histories and selling them to third parties has had its availability pulled from a number of web browsers' add-on repositories. Last week, an investigative report by journalists at the Hamburg-based German television broadcaster, Norddeutscher Rundfunk (NDR), revealed that Web of Trust Services (WoT) had been harvesting netizens' web browsing histories through its browser add-on and then selling them to third parties. While WoT claimed it anonymised the data that it sold, the journalists were able to identify more than 50 users from the sample data it acquired from an intermediary. NDR quoted the data protection commissioner of Hamburg, Johannes Caspar, criticising WoT for not adequately establishing whether users consented to the tracking and selling of their browsing data. Those consent issues have resulted in the browser add-on being pulled from the add-on repositories of both Mozilla Firefox and Google Chrome, although those who have already installed the extension in their browsers will need to manually uninstall it to stop their browsing being tracked.

Posted by EditorDavid on Sunday November 06, 2016 @02:34PM from the cutting-Edge dept.

Google's Chrome browser "now accounts for more than half of all desktop browser usage and has nearly double the market share of Edge and Internet Explorer combined," reports Hot Hardware:
Market research firm Net Applications has Chrome sitting pretty with a 54.99% share of the desktop browser market, up from 31.12% at this moment a year ago, while Internet Explorer and Edge combine for 28.39 percent and Firefox stuck at around 11%. Even more interesting is that when Windows 10 launched to the public at the end of July 2015, Chrome had a 27.82% share of the market while IE still dominated the landscape with a 54% share. Now the script has flipped.
Just six months ago, the same research firm reported Chrome with a 41.66% share, barely beating Microsoft's 41.35%.

Posted by EditorDavid on Saturday November 05, 2016 @08:34PM from the watching-the-watchmen dept.

An anonymous reader asks:
In an age of evercookies, zombie cookies, and always expanding efforts to track browsers, devices, and people -- is there any way to browse totally anonymously to the sites you are visiting?
With so many technologies quietly monitoring your activity, "How can a user today browse with confidence that they can't be tracked or identified, avoiding even being identified anonymously as a returning user or device?" Leave your best answers in the comments. What's the best way to browse the web anonymously?

Posted by BeauHD on Tuesday November 01, 2016 @07:05PM from the trust-issues dept.

itwbennett quotes a report from CSO Online: Following similar decisions by Mozilla and Apple, Google plans to reject new digital certificates issued by certificate authorities WoSign and StartCom because they violated industry rules and best practices. The ban will go into effect in Chrome version 56, which is currently in the dev release channel, and will apply to all certificates issued by the two authorities after October 21. Browsers rely on digital certificates to verify the identity of websites and to establish encrypted connections with them. Certificates issued before October 21 will continue to be trusted as long as they're published to the public Certificate Transparency logs or have been issued to a limited set of domains owned by known WoSign and StartCom customers. "Due to a number of technical limitations and concerns, Google Chrome is unable to trust all pre-existing certificates while ensuring our users are sufficiently protected from further misissuance," said Chrome security team member Andrew Whalley in a blog post Monday. "As a result of these changes, customers of WoSign and StartCom may find their certificates no longer work in Chrome 56. Sites that find themselves on the whitelist will be able to request early removal once they've transitioned to new certificates," Whalley said. "Any attempt by WoSign or StartCom to circumvent these controls will result in immediate and complete removal of trust."

Posted by msmash on Friday October 28, 2016 @12:25PM from the Firefox-delights dept.

An anonymous reader writes: Mozilla is currently working on a new browser engine called Quantum, which will take parts from the Servo project and create a new core for the Firefox browser. The new engine will replace the aging Gecko, Firefox' current engine. Mozilla hopes to finish the transition to Quantum (as in Quantum Leap) by the end of 2017. The first versions of Quantum will heavily rely on components from Servo, a browser engine that Mozilla has been sponsoring for the past years, and which shipped its first alpha version this June. In the upcoming year, Mozilla will slowly merge Gecko and Servo components with each new release, slowly removing Gecko's ancient code, and leaving Quantum's engine in place.

Posted by BeauHD on Tuesday October 25, 2016 @05:40PM from the battle-of-the-fittest dept.

Krystalo quotes a report from VentureBeat: It's been more than a year since our last browser benchmark battle, and the competition remains fierce. Google Chrome, Mozilla Firefox, and Microsoft Edge have all gained a variety of new features and improvements over the past year. It's time to see if any of them have managed to pull ahead of the pack. It appears that Edge has made the biggest gains since last year. That said, browser performance is improving at a very rapid pace, and it shouldn't be your only consideration when picking your preferred app for consuming Internet content. You can click on individual tests below to see the details:

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.
The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)."
But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).

Posted by msmash on Thursday October 06, 2016 @05:51PM from the deceptive-pages dept.

The Pirate Bay's download pages are being blocked by Chrome and Firefox. These pages have been flagged as "deceptive," by Google's safe browsing program. TorrentFreak reports that "millions" of Pirate Bay users are currently unable to access the torrent detail pages on the site without receiving a stark warning. The report adds: The homepage and various categories can be reached without problems, but when visitors navigate to a download page they are presented with an ominous red warning banner. According to Google the notorious torrent site is linked to a phishing effort, where malicious actors try to steal the personal information of visitors. It's likely that the security error is caused by a malicious third-party advertisement. The TPB team informs TorrentFreak that they are aware of the issue, which they hope will be resolved soon.

Posted by msmash on Friday September 30, 2016 @12:22PM from the shape-of-things-to-come dept.

An anonymous reader writes: Mozilla announced today Project Mortar, an initiative to explore the possibility of deploying alternative technologies in Firefox to replace its internal implementations. The project's first two goals are to test two Chrome plugins within the Firefox codebase. These are PDFium, the Chrome plugin for viewing PDF files, and Pepper Flash, Google's custom implementation of Adobe Flash. The decision comes as Mozilla is trying to cut down development costs, after Firefox took a nose dive in market share this year. "In order to enable stronger focus on advancing the Web and to reduce the complexity and long term maintenance cost of Firefox, and as part of our strategy to remove generic plugin support, we are launching Project Mortar," said Johnny Stenback, Senior Director Of Engineering at Mozilla Corporation. "Project Mortar seeks to reduce the time Mozilla spends on technologies that are required to provide a complete web browsing experience, but are not a core piece of the Web platform," Stenback adds. "We will be looking for opportunities to replace such technologies with other existing alternatives, including implementations by other browser vendors."

Posted by msmash on Tuesday September 27, 2016 @10:30AM from the end-of-things dept.

Mozilla announced last year that its Firefox OS initiative of shipping phones with commercial partners did not bring the returns it sought. The company earlier this year hinted that it intends to shut down the project. It is now sharing how it will deal with the Firefox OS code base going forward. From their post: We would stop our efforts to build and ship smartphones through carrier partners and pivot our efforts with Firefox OS to explore opportunities for new use cases in the world of connected devices. Firefox OS was transitioned to a Tier 3 platform from the perspective of support by Mozilla's Platform Engineering organization. That meant as of January 31, 2016 no Mozilla Platform Engineering resources would be engaged to provide ongoing support and all such work would be done by other contributors. For some period of time that work would be done by Mozilla's Connected Devices team. We had ideas for other opportunities for Firefox OS, perhaps as a platform for explorations in the world of connected devices, and perhaps for continued evolution of Firefox OS TV. To allow for those possibilities, and to provide a stable release for commercial TV partners, development would continue on a Firefox OS 2.6 release. In parallel with continued explorations by the Connected Devices team, we recognized there was interest within the Mozilla community in carrying forward work on Firefox OS as a smartphone platform, and perhaps even for other purposes. A Firefox OS Transition Project was launched to perform a major clean-up of the B2G code bringing it to a stable end state so it could be passed into the hands of the community as an open source project. In the spring and summer of 2016 the Connected Devices team dug deeper into opportunities for Firefox OS. They concluded that Firefox OS TV was a project to be run by our commercial partner and not a project to be led by Mozilla.
Further, Firefox OS was determined to not be sufficiently useful for ongoing Connected Devices work to justify the effort to maintain it. This meant that development of the Firefox OS stack was no longer a part of Connected Devices, or Mozilla at all. Firefox OS 2.6 would be the last release from Mozilla. Today we are announcing the next phase in that evolution. While work at Mozilla on Firefox OS has ceased, we very much need to continue to evolve the underlying code that comprises Gecko, our web platform engine, as part of the ongoing development of Firefox. In order to evolve quickly and enable substantial new architectural changes in Gecko, Mozilla's Platform Engineering organization needs to remove all B2G-related code from mozilla-central. This certainly has consequences for B2G OS. For the community to continue working on B2G OS they will have to maintain a code base that includes a full version of Gecko, so will need to fork Gecko and proceed with development on their own, separate branch.

Posted by msmash on Tuesday September 20, 2016 @03:00PM from the browser-delights dept.

An anonymous reader writes: Mozilla today launched Firefox 49 for Windows, Mac, Linux, and Android. The new version includes expanded multi-process support, improvements to Reader Mode, and offline page viewing on Android. The built-in voice and video calling feature Firefox Hello, meanwhile, has been removed from the browser. First up, Firefox 49 brings two improvements to Reader Mode. You can now adjust the text (width and line spacing), fonts, and even change the theme from light to dark. There is also a new Narrate option that reads the content of the page aloud. Next is Mozilla's crusade to enable multi-process support, a feature that has been in development for years as part of the Electrolysis project. With the release of Firefox 48, Mozilla enabled multi-process support for 1 percent of users, slowly ramping up to nearly half of the Firefox Release channel. Initial tests showed a 400 percent improvement in overall responsiveness. Mozilla says at least "half a billion people around the world" use its Firefox browser.

Posted by msmash on Friday September 16, 2016 @03:40PM from the security-woes dept.

Mozilla is investigating whether the fully patched version of Firefox is affected by the same cross-platform, malicious code-execution vulnerability patched on Friday in the Tor browser. Dan Goodin, reporting for ArsTechnica: The vulnerability allows an attacker who has a man-in-the-middle position and is able to obtain a forged certificate to impersonate Mozilla servers, Tor officials warned in an advisory. From there, the attacker could deliver a malicious update for NoScript or any other Firefox extension installed on a targeted computer. The fraudulent certificate would have to be issued by any one of several hundred Firefox-trusted certificate authorities (CA). While it probably would be challenging to hack a CA or trick one into issuing the necessary certificate for addons.mozilla.org, such a capability is well within reach of nation-sponsored attackers, who are precisely the sort of adversaries included in the Tor threat model. In 2011, for instance, hackers tied to Iran compromised Dutch CA DigiNotar and minted counterfeit certificates for more than 200 addresses, including Gmail and the Mozilla addons subdomain.
